Mandiant’s M-Tendencies 2026 report, launched immediately on the RSA Convention, exhibits that attackers are shifting quicker, working extra collaboratively, and more and more specializing in the programs organizations depend on to get better from breaches.
The report, based mostly on greater than 500,000 hours of incident response engagements in 2025, finds that attackers are compressing key phases of the assault lifecycle, at the same time as median dwell time elevated to 14 days, up from 11 days the earlier yr.
As well as, it reveals a change in ways. Voice phishing accounted for 11% of preliminary an infection vectors, making it the second most typical entry level after exploits, which led at 32%. Electronic mail phishing declined to six%, down from 14% the yr earlier than, reflecting a transfer towards extra interactive social engineering. Collectively, the developments level to a shift in each how shortly assaults unfold and what attackers try to attain as soon as inside.
